Subscribe

I just counted: As it turns out, I am the proud maintainer of 19 different WordPress installations. How did I get here? I have no idea. It probably has to do with some bad life choices. “Let’s just spin up a WordPress for this!” sounded totally doable at the time. But then what?

WordPress is brittle. WordPress plugins and themes are often created by folks who are just learning how to code. What you want to do is update WordPress and all plugins and themes *all* *the* *time*. Otherwise, very bad things happen sooner than you may think. Trust me, been there, done that.

The wish list

After a few WordPress installs I had hosted for a friend who promised to “make all updates all the time, of course” got hacked, I started looking for a way to solve this problem once and (hopefully) for all. This is the wishlist I started out with:

1. Get an Uberspace (23 seconds)

Uberspace is an awesome command-line powered hosting provider with great features and support which lets you pay what you want (with a minimum of 1 Euro per month).

2. Configure your DNS (49 seconds)

Make note of your IP address(es) within the Uberspace dashboard and edit your DNS records so that your domains point to your Uberspace. Since Uberspace is fully IPv6 ready, you might want to set up both A and AAAA records.

3. Create your Bedrock fork (14 seconds)

Bedrock is a Composer-powered WordPress boilerplate. The idea is that you keep your plugins and themes in a Git repo and reference publicly available third party themes and plugins using Composer, a dependency manager for PHP. For every WordPress site, you’ll create a fork of Bedrock. Read this handy guide to learn how to add themes and plugins to your Bedrock WordPress.

4. Install Ansible (42 seconds)

On the Mac with Homebrew, a simple brew install ansible will do. For more ways to install Ansible, see the docs.

Ansible is an IT automation engine (their words, not mine) which is basically scripted multi-server SSH on steroids. In Ansible, you create “playbooks” which are scripts that run stuff on servers.

5. Clone the Uberspace Playbook (13 seconds)

Simply run git clone git@github.com:yeah/ansible-uberspace.git to get the latest and greatest version of my Uberspace Playbook.

This is where the magic happens. The Uberspace Playbook contains all the configurations necessary to set up awesome WordPress hosting on Uberspace.

6. Add your Uberspace as Ansible inventory (2 minutes)

Within your copy of the Uberspace Playbook, copy uberspaces.example to uberspaces and add your Uberspace host and username. You can add as many Uberspaces here as you want. Ansible will install them all together.

Next, copy host_vars/UBERSPACE_NAME.UBERSPACE_HOST.uberspace.de.example to a new file named without the .example suffix and replace UBERSPACE_NAME with your username and UBERSPACE_HOST with your Uberspace host.

Now, edit the file you just created and add the domains you set up previously. Choose an internal name for your WordPress install, modify bedrock_repo to point to your Bedrock fork, and specify the domains (again). If you want to use your Uberspace for other things besides WordPress, add all domains you’re using to the domains section at the beginning and only those which should point to a WordPress instance to the respective domains within wordpress_instances. You can of course have as many domains and subdomains as you want and you can run as many WordPress instances as you want.

7. Run Ansible! (39 seconds)

Within your copy of the Uberspace Playbook, run ansible-playbook --ask-pass site.yml.

Be sure to check out the Uberspace Playbook’s source code to learn what actually happens in the background.

If you need to add themes or plugins, simply update, commit and push your Bedrock fork and run the playbook again.

8. Hold on a minute and think about pricing

While the kind folks at Uberspace do allow you to pay as little as €1 for an account, a generous offer like that is not sustainable. Uberspace recommends that you pay between €5 and €10 per month which is still a great deal given the flexibility and support you’re getting.

If you’re making money from the sites you’re hosting, you may consider paying more than that and therefore help keep Uberspace a place that’s affordable for everyone. If you can’t afford more than €1, that’s fine, too.

So, here’s an update on how to automatically save mail attachments (e.g. invoices and receipts) in a specific folder in ownCloud. The basic idea is to set up a billing@example.com email address and store all received PDF files in ownCloud.

So here, we go. We’re still using Uberspace for this because we still like it – even after three years. But again, you should be able to adapt this for any Linux based setup.

Configuring qmail and reformime

At Uberspace, you get an unlimited number of email addresses out of the box. Your primary is composed like this:

username@hostname.uberspace.de

Where username is your Uberspace username and hostname is the host your account is hosted on. What happens to emails coming this way is governed by a small file named ~/.qmail. In much the same way, you can use any email address that follows this format:

username-foo@hostname.uberspace.de

Where foo can be anything you like. To specify what should happen with emails coming in via this address, you can create a file called ~/.qmail-foo.

So, for instance, if you want all email PDF attachments sent to peter-owncloud@phoenix.uberspace.de to appear in ownCloud, create a ~/.qmail-owncloud file with the following content:

This is just a quick brain dump for my (seemingly working) setup involving a wall-mounted screen, a Raspberry Pi, Raspbian, Chromium, and VNC with the goal of displaying a simple web site (e.g. a Geckoboard).

If you develop JavaScript a lot and do not know tern.js, you should definitely check it out: Tern.js anaylzes your code and enhances your various editors with code completion, function argument hints, refactoring and more goodies.

If you use vim and want to use Tern’s ability to jump to a variable or function definition by simply Ctrl-clicking on it, just create a file called ~/.vim/ftplugin/javscript/ternclick.vim and add this line to it:

:nnoremap <buffer> <C-LeftMouse> <LeftMouse>:TernDef<CR>

By limiting this functionality to buffers with filetype javascript you can still use other ctrl-click plug-ins (or built-ins) like ctags.

At Planio and LAUNCH/CO, we receive a lot of PDF receipts for things we purchase online or services we use regularly. I want all those files to go directly into a designated folder in my Dropbox and I don’t want to look at them until the end of the month when I zip everything together and send it to our accountant.

For this purpose, I have been using a service called send to dropbox for a while until it started getting unreliable. Soon it didn’t upload any of the e-mails anymore without even supplying an error message and I ended up fiddling with my e-mail attachments by hand again. Not very funny.

So, I hacked together something that “works for me” (TM) and doesn’t rely on an external service. Well, in fact, I am still relying on Uberspace to host this, but (a) I could easily do this everywhere else and (b) it’s a huge improvement over send to dropbox which felt more like a blackbox.

This is how it’s done on Uberspace, but really the instructions are very much applicable to any Linux based setup.

Download and Setup Dropbox Uploader

Dropbox Uploader is an awesome little shell script written by Andrea Fabrizi which can be used to upload files to Dropbox from the command line. It is very handy since it has no dependencies except for curl. For my purpose, it needed a little tweaking since it would not accept files from standard input, so I forked it and am currently waiting if my pull request is being merged. I will update this article as soon as it does, since I have no interest in maintaining the fork. Andrea seems to be doing an awesome job with this.

This installs the latest version of Dropbox Uploader in ~/opt/Dropbox-Uploader and creates a handy symlink to it in ~/bin which should be in your PATH already.

To verify if that last assumption is true (and to authenticate Dropbox Uploader), simply run

dropbox_uploader.sh

It should lead you through the process of creating your own Dropbox App and authenticating your copy of Dropbox Uploader against it. If asked for the Access Level I’d opt for App folder since this won’t give the app access to your entire Dropbox. Your credentials are stored in ~/.dropbox_uploader which is 600 by default, but if you’re a bit paranoid like me, App folder is still the safer bet.

If you’d like to test Dropbox Uploader, perform a simple upload like this:

A file called hello_world.txt should magically appear in your Dropbox. Does it work? Yay! Then here comes the fun part…

Configuring qmail and reformime

Again, it should not be hard to adapt this to other MTAs, but since Uberspace uses qmail (or netqmail to be more specific) this tutorial is written for that.

At Uberspace, you get an unlimited number of e-mail addresses out of the box. Your primary is composed like this:

username@hostname.uberspace.de

Where username is your Uberspace username and hostname is the host your account is hosted on. What happens to e-mails coming this way is governed by a small file named ~/.qmail. In much the same way, you can use any e-mail address that follows this format:

username-foo@hostname.uberspace.de

Where foo can be anything you like. To specify what should happen with e-mails coming in via this address, you can create a file called ~/.qmail-foo.

So, for instance, if you want all e-mail PDF attachments sent to peter-dropbox@phoenix.uberspace.de to appear in your Dropbox, create a ~/.qmail-dropbox file with the following content:

Modern Linux distributions allow you to encrypt your home directory. When logging in the user’s password is used to decrypt the home directory. This works great unless you are using one of the many other options that PAM offers for authentication. PAM (Pluggable Authentication Modules) is an extensible authentication system, currently standard on most modern Unix systems including Linux.

On my Thinkpad notebooks I am used to the comfort of the finger print reader instead of having to type and remember passwords. As far as I know support for decrypting the home directory using your finger print has not been developed yet. Thus my preferred solution is:
– For initial login after use a password and decrypt home. This happens very seldom anyway.
– For everything else (sudo, screensaver, etc.) use the finger print reader
– Whenever the finger print is not available (ssh, injured finger, etc.) fall back to password

Luckily using pam this can be easily achieved. The solution below has been tested on Ubuntu but it should work with slight adoptions on most linux distributions. If you have configured an alternative authentication method like a finger print reader (or if your distribution or an setup script has done this for you) you will probably have edited /etc/pam.d/common-auth. Copy this file now e.g. to /etc/pam.d/common-auth-pass-only and remove the lines that you added during configuration in the new file. I am using fprint so I had to remove the following line:

auth [success=3 default=ignore] pam_fprintd.so

Now configure your login manager to use the password-only-configuration by substituting@include common-auth through @include common-auth-pass-only. Your login manager is probably configured in one of those files:

/etc/pam.d/lightdm
/etc/pam.d/gdm
/etc/pam.d/kdm

You might want to do the same for /etc/pam.d/sshd or others as well.

If you know about a way to support the finger print reader during initial login in combination with an encryted home I’d be happy to hear about it in the comments.

We have a pfSense 2.0 router at our coworking space which is hooked up to a pretty fast VDSL line so I thought it would be a fun idea to connect my home network (where I’m using a FRITZ!Box 7390) to the work LAN using a secure and permenent VPN tunnel.

Prerequisites

First things first, create permanent hostnames for your pfSense and your FRITZ!Box. If your DSL provider has assigned permanent IP addresses, that’s fine. If they didn’t you’ll probably need something like DynDNS. Last time I checked, you could still get free accounts, otherwise it’s just a few bucks a year – probably a good investment. You’ll need to configure both the pfSense and the FRITZ!Box to update your DynDNS hosts whenever their IP address changes, but that’s pretty straight forward so I won’t cover it here. Fun fact: you can add CNAME records to your company domain pointing to your DynDNS host, so it looks even more professional. We use vpn.launchco.com for instance – how cool is that?

You’ll also need two different primary subnets for your networks, i.e. if your home network lives in 192.168.178.0/24, which is the standard network a FRITZ!Box uses, your work network has to use something else, like 192.168.1.0/24, which is by the way the standard that pfSense uses – so you should be safe if you’re like me a big fan of sticking with sensible vendor defaults.

Now, with the permanent hostnames and subnets in place, let’s get down to business.

Setting up pfSense

We’re using IPsec, so let’s head to VPN -> IPsec first and click the [+] icon on the bottom right to add a new phase 1 entry.

Fill the form in accordance to what you see on the following screenshot:

Obviously, replace your-fritz.dyndns.org with the permanent hostname assigned to your FRITZ!Box as well as your-pfsense.dyndns.org with the one on your pfSense box. The Pre-Shared Key should be a long random string. Don’t worry, you won’t have to remember it. You’ll just save that in the FRITZ!Box later and then you can forget about it.

Next up, we need a phase 2 entry. For that, click the [+] icon next to a label that says Show 0 Phase-2 entries and fill the form like below:

Here, you just need to make sure that you replace 192.168.178.0 with the actual subnet your FRITZ!Box uses. Again, if you’ve sticked with the default when setting up the box, this setting should be right for you.

That should be it for the pfSense. After saving it’ll probably ask you to apply or reload the configuration. This is safe to do now.

Setting up the FRITZ!Box

Now, let’s finish this by configuring a VPN entry in your FRITZ!Box. From my perspective, this part is much easier, because I’m just pasting code instead of fiddling with screenshots – yay!

Fire up your favorite text editor and paste the following code:

Make the necessary modifications according to the comments in the file. Then, open the FRITZ!Box configuration interface in your browser and head to Internet -> Freigaben -> VPN, use the browse button to select the file you just created and click on VPN-Einstellungen importieren.

That’s it – you’re done. In my first trials I had to go back to the pfSense interface and navigate to Status -> IPsec to click on a small [>] (“play”) button to get things rolling. Maybe you need this, maybe it just works without it.

Getting the connection up after a restart of either of the two routers sometimes fails which is most probably due to the fact that DynDNS updates have not yet propagated when the VPN tries to connect. In this case, just be patient; both boxes will keep retrying to open VPN connections and you can always stop/start on both ends yourself. Once a connection is made, the tunnels are usually stable and rock-solid. Enjoy!

So I recently found myself generating permalinks in JavaScript again which can be fun and painful. It seems to be less painful if you just ignore anything that’s not [a-zA-Z0-9] and replace it with a hyphen -.

However, this starts looking ugly rather quickly if you’re from Germany or France for instance, where use of umlauts and accents is very common. Something really nice likeJ'ai montré les éléphants à ma sœur
becomes something really ugly likej-ai-montr-les-l-phants-ma-s-ur.

So as Holger pointed out, I needed a diacritics table which I found here. After some modifications for the German language (e.g. ä -> ae, ß -> ss), I came up with this.

It’s still heavily based on what lehel built, so thank him, not me. I just wanted to put my improved version here, so I don’t forget it.

Update: I have created a Gist for this over at Github so we can continue to update it there…

Recently I had to switch a project from Bazaar to Git. Fortunately this has become quite easy using the right plugins. Just in case anyone out there needs to do the same: these are the steps if you want to keep your version history.

Git comes with an import plugin, bzr has an export plugin available. On debian based distros you might need to install the latter using

# available in lenny-backports, squeeze and ubuntu since 9.10
sudo apt-get install bzr-fastimport

Assuming you have Bazaar repository in the folder ./bzr-repo just follow these steps to clone it to a git repoitory in the folder ./git-repo:

The best part is: If you missed some revisions of Bazaar, e.g. because you forgot to merge an important branch, you can easily repeat the line bzr fast-export ../$BZR/ | git fast-import and Git should be smart enough to only import missing revisions.

So I wanted to buy a NAS that can act as a time capsule for Apple computers and run a proper Linux at the same time. I also wanted to be able to run the occasional Windows or Linux VM and I wanted to have a lot of storage. As I knew the thing was going to be in our coworking space, it also needed to have disk encryption.

Here’s how I built this for just under €500.00 using standard components and free open source software.

Selecting the hardware components

The N36L (which I bought) comes with a single 250GB hard drive which obviously did not meet my “a lot of storage” requirement. So I bought 4 identical Seagate Barracuda Green 2000GB SATA drives which would add another €229.92 to the bill if you bought them today. I am not an expert in hard drives, but the Seagate Barracuda brand was familiar and “Green” sounds good as well.

If you don’t want your new server to host virtual machines at some point, you can probably get out your credit card and check out right now. If you’re like me though, you’d add another 2 bars of 4GB Kingston ValueRAM PC3-10667U CL9 (DDR3-1333) to your cart. The two of them together are just €44.24, so it’s no big deal anyways.

All components together will set you off €484.06. The rest is based on open source software (Debian mostly) which is free as in beer. More about that after the break.